In March, popular open source tools Trivy and Axios were compromised with malware, and we won't know the full blast radius for months.

Axios was breached by North Korean hackers who turned it into a malware delivery vehicle for about three hours after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate releases.

Trivy was hacked by a loosely knit band of hackers called TeamPCP, who injected credential-stealing malware.

"Attackers are starting to really look at the supply chain and open source packages, and figure out ways to compromise developers to deliver malware or gather data" ... https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/ #Hackers #Malware #Software #OpenSource #SoftwareSupplyChain #Trojan #CyberSecurity #Security #Trivy #Axios